$15.3M Stolen from 5 Mexican Companies

At least five Mexican companies had funds swiped from them earlier this month due to hacking activities targeting Mexico’s interbank payment system. The amount taken totalled over $15 million, stolen over a period of several weeks, the Bank of Mexico said. Central Bank Governor Alejandro Diaz de Leon told reporters, “approximately 300 million pesos ($15.3 million)” had been swiped by hackers in “irregular transactions”. Some of it had not yet been withdrawn, and could still be recovered. The Governor said that the accounts of its commercial bank customers were never jeopardized. He also stated that an investigation was under way, and sought to assume customers that action was being taken.

“We are very conscious that this has affected users, and we are sorry about that and we are taking immediate actions to recover the speed of the system with full security,” Diaz de Leon said.

The interbank payments system, called SPEI, enables real-time transfers between different banks. It works similarly to the SWIFT global messaging service that transfers millions of dollars each day worldwide. The banks will either connect via their own computer systems or through an external provider. According to the director general of the corporate payments and services system at the Bank of Mexico, Lorenza Martinez, this is where the attacks appear to have occurred rather than a direct attack against the electronic payments system itself.

Martinez said that at least five attacks had occurred, but the total amount may change as the investigation was still underway. The targets included three banks, a credit union and a broker. The criminal activity was detected in late April as cybercriminals were detected using the system to send false orders. A slowdown in transfers prompted the investigation, raising concerns of a cyber attack on Latin America’s second largest economy. Following the attacks, the banks switched to a more secure, yet slower, method.

Reuters reported that it had been told that cash withdrawals took place from dozens of banks around Mexico shortly following hundreds of fraudulent transfers. Apparently, the central bank took over two weeks to come forwards about the cyber attack and provide details about the potential losses.

It is not clear whether the attackers were domestic or international. The central bank of Mexico said that while it had had an internal cyber security unit in place since 2013, it was now in the process of creating a new unit to design and issue guidelines on information security for banks across the country.